Frp intranet penetration
Frp intranet penetration In essence, intranet penetration is also a port mapping. Both of them map the intranet address to the accessible address of the public network. The difference is that the port mapping can be configured directly in the router, while the port mapping configured by intraneUTF-8...
Posted by Stasonis on Fri, 24 Sep 2021 20:42:11 +0530
2021 second Tianyi cup ctf
Misc Sign in Group announcement FLAG flag{e7gRR32wJJcHwQjwc2k9qFZ6fvn3gZ8P} Browser First get 1. Default browser (please provide the corresponding value in the registry that can prove that it is the default browser, such as IE.HTTP) Generally in the registry, patiently turn over ./volatility -UTF-8...
Posted by vaanil on Sat, 25 Sep 2021 15:57:00 +0530
CC2 of "idiot" God perspective regulating deserialization chain
The reason for the idiot God perspective is that we got the poc, and the simulation didn't know any details to analyze the cause of this vulnerability. It can also be said that the semi black box state is mainly to exercise the analysis ability. The analysis of CC1 has been published in previoUTF-8...
Posted by apoc- on Tue, 28 Sep 2021 16:30:25 +0530
sql error injection
Error reporting based on format error (xpath syntax error) extractvalue(): The function uses the format: extractvalue(xml_document,Xpath_string). It is used to return a string containing a string from the document. If the string parameter does not conform to the syntax of XPath, an error will bUTF-8...
Posted by cyronuts on Wed, 29 Sep 2021 23:58:57 +0530
Write a simple summary of Windows Shellcode ideas with ASM
What is shellcode? "Code or data, as long as it is location independent binary, it is shellcode." In order to write location independent code, you need to pay attention to the following points: You cannot use a direct offset on a string, you must store the string on the stackdll. Since ASLR wiUTF-8...
Posted by Kibit on Thu, 30 Sep 2021 02:27:21 +0530
Intranet penetration beginner foundation 02
Intranet information collection 01 Around three aspects: Who am I?--Judgment of current machine role where's this?--Analyze and judge the topology of the current network environment Where am i?--Judgment of the area where the current machine is located Collect native information Collect informUTF-8...
Posted by Ange52 on Fri, 01 Oct 2021 04:29:55 +0530
. Net Core microservice practice - Security
Anti Cross Station Request Forgery Attack process essential factor: User logged in to "GoodSite""GoodSite" stores and passes identity information through cookiesUser accessed "BadSite" defense Do not use cookies to store and transmit identity information, and use JWT or other methods for identUTF-8...
Posted by MA06 on Tue, 12 Oct 2021 01:56:08 +0530
Encryption and decryption - debugging Windows debugger implementation
Encryption and decryption - debugging part (II) implementation of Windows debugger (II) In the previous article, we discussed how the next debugger in Windows creates processes and handles debugging events. In this process, we learned about the composition and basic workflow of debugging API unUTF-8...
Posted by imnsi on Fri, 15 Oct 2021 14:54:49 +0530
[Web security] injection book -- the cornerstone of SQL injection
It is better to teach people to fish than to teach people to fish Try to be concise and explain the principle of bypass mode clearly in this article [View information] Unsuitable population: 1. A boss who knows the principles of sql injection like the back of his hand 2. Novice without any datUTF-8...
Posted by viperdk on Tue, 19 Oct 2021 07:30:20 +0530
webmin remote command execution vulnerability (CVE-2019-15107)
What and why Webmin is the most powerful Unix system management tool based on Web. The administrator accesses various management functions of webmin through the browser and completes the corresponding management actions http://www.webmin.com/ Webmin is a browser based management application wriUTF-8...
Posted by bammerman on Fri, 22 Oct 2021 13:03:05 +0530